Linux Today: Linux News On Internet Time.

More on LinuxToday

Medusa: Open Source Software 'Login Brute-Forcer' for Password Auditing

Jun 10, 2010, 19:42 (0 Talkback[s])
(Other stories by Paul Rubens)

"The only certain way for a hacker to find a correct password is to try every possibility until he gets lucky -- a process called bruteforcing. A one-, two- or three-character password can be bruteforced quite quickly, but as the password length increases, the chances of successfully bruteforcing a password become vanishingly small. The time required to have a reasonable chance of bruteforcing a 15-character password can be measured in billions of years.

"Medusa is described as a "speedy, massively parallel, modular, login brute-forcer" with modules available to support almost any service that allows remote authentication using a password, including: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, POP3, PostgreSQL, SMTP-AUTH, Telnet and VNC. Medusa has been designed to run faster than Hydra by using thread-based (rather than Hydra's process-based) parallel testing to attempt to log in to multiple hosts or users concurrently."

Complete Story

Related Stories: